Merge PR "[AUTO-CHERRYPICK] [AUTOPATCHER-CORE] Upgrade httpd to 2.4.66 for CVE-2025-55753, CVE-2025-58098, CVE-2025-59775, CVE-2025-65082, CVE-2025-66200 [High] - branch main" #15324

CBL-Mariner-Bot · jslobodzian · web-flow · commit c726e5ad7815 · 2025-12-16T14:59:02.000-08:00
Co-authored-by: jslobodzian &lt;joslobo@microsoft.com&gt;
diff --git a/SPECS/httpd/httpd.signatures.json b/SPECS/httpd/httpd.signatures.json
@@ -1,15 +1,15 @@
 {
- "Signatures": {
-  "00-proxyhtml.conf": "a2211995b7e55b781f68666664f0bcd84550ed9a16edee07121f63477dfaaffa",
-  "00-ssl.conf": "88f04c415dbd1bf0d074965d37261e056d073b675a047a02e55222818640c6e8",
-  "01-ldap.conf": "cbbbdd396fe056e8ab167abd7b2cb5145b42210bfea38452968ff02a03493fc8",
-  "01-session.conf": "51df0ceeb7dae9922817f4af0554f83fe01d6268025ee08260aeed69be3953d1",
-  "10-listen443.conf": "fc7484790ec6328b9082e04083137551a5ae2e8f4d4696d9846b052915b6a0cb",
-  "httpd-2.4.65.tar.bz2": "58b8be97d9940ec17f7656c0c6b9f41b618aac468b894b534148e3296c53b8b3",
-  "httpd-init.service": "2501b44bdb02f583d98cc5296accbf0af36957b93ed5b871358aeb10a0512a7c",
-  "httpd-ssl-gencerts": "ae96a94eeb0be8731c0bb976e5b878e0e5a196442a001c9e809bed3873f4755d",
-  "httpd-ssl-pass-dialog": "b9bd4816dda673ad9294a0fbd2904fac9b96eabddb4d72080ae58b498bcd1db9",
-  "macros.httpd": "6dbf9313a5d085cb705fa5ef393372ec940008f08bf1c9350f8f49d58df75dff",
-  "ssl.conf": "6690cb873d2312d0ecffcda3822562cd1b1b11ac44b1fcb7bd1b720a9e53c333"
- }
-}
+  "Signatures": {
+    "00-proxyhtml.conf": "a2211995b7e55b781f68666664f0bcd84550ed9a16edee07121f63477dfaaffa",
+    "00-ssl.conf": "88f04c415dbd1bf0d074965d37261e056d073b675a047a02e55222818640c6e8",
+    "01-ldap.conf": "cbbbdd396fe056e8ab167abd7b2cb5145b42210bfea38452968ff02a03493fc8",
+    "01-session.conf": "51df0ceeb7dae9922817f4af0554f83fe01d6268025ee08260aeed69be3953d1",
+    "10-listen443.conf": "fc7484790ec6328b9082e04083137551a5ae2e8f4d4696d9846b052915b6a0cb",
+    "httpd-init.service": "2501b44bdb02f583d98cc5296accbf0af36957b93ed5b871358aeb10a0512a7c",
+    "httpd-ssl-gencerts": "ae96a94eeb0be8731c0bb976e5b878e0e5a196442a001c9e809bed3873f4755d",
+    "httpd-ssl-pass-dialog": "b9bd4816dda673ad9294a0fbd2904fac9b96eabddb4d72080ae58b498bcd1db9",
+    "macros.httpd": "6dbf9313a5d085cb705fa5ef393372ec940008f08bf1c9350f8f49d58df75dff",
+    "ssl.conf": "6690cb873d2312d0ecffcda3822562cd1b1b11ac44b1fcb7bd1b720a9e53c333",
+    "httpd-2.4.66.tar.bz2": "94d7ff2b42acbb828e870ba29e4cbad48e558a79c623ad3596e4116efcfea25a"
+  }
+}
diff --git a/SPECS/httpd/httpd.spec b/SPECS/httpd/httpd.spec
@@ -2,7 +2,7 @@
 %define _confdir %{_sysconfdir}
 Summary:        The Apache HTTP Server
 Name:           httpd
-Version:        2.4.65
+Version:        2.4.66
 Release:        1%{?dist}
 License:        Apache-2.0
 Vendor:         Microsoft Corporation
@@ -345,6 +345,9 @@ fi
 %{_libexecdir}/httpd-ssl-pass-dialog
 
 %changelog
+* Sun Dec 07 2025 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 2.4.66-1
+- Auto-upgrade to 2.4.66 - for CVE-2025-55753, CVE-2025-58098, CVE-2025-59775, CVE-2025-65082, CVE-2025-66200
+
 * Mon Jul 28 2025 Kshitiz Godara <kgodara@microsoft.com> - 2.4.65-1
 - Upgrade to 2.4.65 to fix CVE-2025-54090
 
diff --git a/cgmanifest.json b/cgmanifest.json
@@ -5360,8 +5360,8 @@
         "type": "other",
         "other": {
           "name": "httpd",
-          "version": "2.4.65",
-          "downloadUrl": "https://archive.apache.org/dist/httpd/httpd-2.4.65.tar.bz2"
+          "version": "2.4.66",
+          "downloadUrl": "https://archive.apache.org/dist/httpd/httpd-2.4.66.tar.bz2"
         }
       }
     },

Original file line number	Diff line number	Diff line change
`@@ -5360,8 +5360,8 @@`
`5360`	`5360`	`"type": "other",`
`5361`	`5361`	`"other": {`
`5362`	`5362`	`"name": "httpd",`
`5363`		`- "version": "2.4.65",`
`5364`		`- "downloadUrl": "https://archive.apache.org/dist/httpd/httpd-2.4.65.tar.bz2"`
	`5363`	`+ "version": "2.4.66",`
	`5364`	`+ "downloadUrl": "https://archive.apache.org/dist/httpd/httpd-2.4.66.tar.bz2"`
`5365`	`5365`	`}`
`5366`	`5366`	`}`
`5367`	`5367`	`},`